Cloud Computing and Data Security

You have surely heard it, you may even use it without being aware of it: cloud computing has invaded our daily life. The term cloud computing has been used so often that one has lost its signification and advantages. So first of all, let’s go back to basics, then let’s see how privacy is dealt within that new environment.

What is cloud computing ?

Cloud computing de-materializes IT infrastructure for the user/company thereby offering the applications as services. Let’s say, for example, that a company once had to manage a physical server so as to run his own e-mail applications, with cloud computing, there’s no need any more to host a physical at the company’s premises as they could be using a Google Apps service and access a Gmail-like service. The only thing that is needed from the user side is a device (a computer, a smartphone, a tablet, …) to access the services.

While the use has started from e-mail and other collaboration tools (calendar, tasks, address-book, …) cloud computing has evolved to a wider offer. With services like Amazon S3, for example, one can host his files on Amazon’s strong infrastructure. In the music industry, services like Spotify are delivering playlists from the cloud. In the customer relationship management field, Salesforce.com is maintaining all the application in the cloud.

In fact, we are now moving to a consumption mode where IT is provided as a service. This alleviates the need for having to invest/maintain expensive hardware and software by leveraging on shared resources online.

Risks of sharing

This sharing facility can present some risks as multi-tenancy is adopted for the same resources: one server can then be used by ten or twenty companies. It is almost admitted that cloud computing providers are offering more professional services/infrastructures so as to maintain a very high availability, it can happen that they fail sometimes (refer to the recent Blackberry outage for example). Moreover, most cloud computing service providers are maintaining a high-level of security within their infrastructure though one can almost be sure that each tenant has their own private environment.

Accessing cloud computing services through SSL

As a cloud computing user, you want to make sure that there’s no man-in-the-middle attack while you are accessing those services that are provided online through cloud computing providers. Most of those services are now accessed through SSL. If you are a user of one of those online e-mail systems (Gmail, Yahoo, MSN, …), you would have noticed that they have now adopted the use of HTTPS protocol. They are strongly inviting their users to access their service via HTTPS instead of HTTP. Even services like Facebook and twitter are also implementing this SSL feature so as to prevent spoofing.

To sum-up, for any cloud-computing service that you are using, please make sure that you are accessing them through HTTPS. If they don’t provide that feature, as a general rule of thumb, you’re better left thinking that this is not yet a mature-enough cloud service provider.